October 29, 2024 at 02:00PM
Free, France’s second-largest ISP, reported a cyberattack that compromised internal management tools and customer data, affecting over 19 million accounts. The hacker attempted to sell stolen data on the Dark Web. Free confirmed no sensitive information was compromised and has notified affected customers while filing a criminal complaint.
**Meeting Takeaways: Cyberattack on Free, the French ISP**
1. **Incident Overview**: Free, France’s second largest ISP, experienced a cyberattack over the weekend, resulting in the theft of customer data from its internal management tool.
2. **Data Compromised**:
– Threat actor “drussellx” stole data from Free’s databases, which include over 19 million customer accounts and 5 million international bank account details.
– No passwords, bank-card information, emails, SMS, or voicemails were compromised.
3. **Response and Actions Taken**:
– Free will notify affected customers via email about the breach.
– The company has filed a criminal complaint and reported the incident to France’s CNIL and ANSSI.
4. **Impact on Services**: Free confirmed that there has been no impact on its services despite the breach.
5. **Context of Increased Threats**:
– ISPs and telecom companies are increasingly targeted by cyberattacks.
– Notable Advanced Persistent Threat (APT) groups, such as Salt Typhoon and Evasive Panda, are utilizing these attacks to steal data and exploit vulnerabilities in ISP networks.
6. **Future Precautions**: The incident highlights the need for heightened security measures within ISPs to protect against data theft and sophisticated cyberattack strategies.